Wednesday, 2 November 2011

LBE Privacy Guard adds data management and DroidWall functions

Too permissive

A major design flaw in Android is the way it handles permissions for apps. When you install an app it asks for permissions to go online, read your private data, get your location, and lots of other scary stuff.

The problem is that your choice is limited to all or nothing. You can either grant an app each and every permission it asks for, or you can choose not to install the app at all. There's nothing in between, and for preinstalled apps you don't get any choice at all. Give 'em a finger and they take the whole hand.

That's why there are apps to fill the gap. None of the permissions managers, firewalls and ad blockers works without root access, so there's yet another good reason to root your phone.

Just say no

Permissions Denied is an app to revoke permissions. Recent versions of CyanogenMod 7 have a built-in permissions manager. Unfortunately those apps really deny permissions, which crashes apps that don't know how to behave when they hear the word "no."

LBE Privacy Guard thinks different. It doesn't deny permissions outright, it simply makes apps believe they still have the permissions that you took away from them. For example, when an app wants to read your contacts list against your will, LBE Privacy Guard feeds the app an empty list. It uses the same trick to protect your messages, location, phone number, IMEI, email, phone bill, etc.

Totally new

The latest update of LBE Privacy Guard is so new that you can't update the old version. Version 2 gets installed as a new app that won't coexist with LBE 1, and your old settings won't carry over either. Upgrading means that your old copy gets bumped off your phone and you'll have to reapply all your granted and denied permissions.

But upgrading is worth it. The new LBE is faster, eats less battery and memory, has a cleaner interface, and comes with new features. Good news for CyanogenMod users: LBE now works on CM7 too.

The main new feature in LBE Privacy Guard is a DroidWall-like firewall which can keep apps away from WiFi, mobile data, or both. It doesn't have the custom rules and blacklist/whitelist options of DroidWall itself, so you may want to keep DroidWall together with LBE.

LBE 2 can also monitor your data usage, and warn you when you're about to go over a preset limit. That might be useful for some, but there are better data managers out there.

Totally old

Some things didn't change. For most permissions you get three choices: permit, deny, or ask me everytime. The exception to the rule is the Phone ID permission (to keep your IMEI, IMSI, and phone number away from spammers). Phone ID permission can be either on or off, but the "ask me" option is missing. Its default setting is "allow."

LBE Privacy Guard won't let you protect its settings with a password, but there are apps out there that can lock down other apps if you need to put a lock on LBE.

Of course LBE Privacy Guard asks for a lot of permissions itself. It needs most of them to do its job, but it doesn't need internet permission. You can take LBE out of your list of trusted apps and tell it not to go online, or blacklist it in DroidWall. So far I didn't detect any unsollicited internet access, but for apps with root access you never know. What would happen on a level playing field where one app with root access (LBE) is kept offline by another app with root access (DroidWall)?